from the because-anti-piracy-is-more-important-than-the-internet dept

We already wrote about the MPAA's plan to break the internet by trying to twist a portion of the DMCA to force ISPs to remove DNS entries, making sites effectively disappear off the internet. However, one key element to this actually relies on an issue closely related to the net neutrality fight -- though understanding it involves going pretty deep into both copyright law and telecommunications law.

Historically, the MPAA has been against net neutrality for a long time. Back in 2007, during the original net neutrality fight, the MPAA weighed in with an FCC filing against net neutrality, arguing that it would interfere with filtering technologies that it wanted ISPs to start using. In 2009, as the second net neutrality battle ramped up, the MPAA sent a similar filing -- with some friends arguing that net neutrality is just another word for file sharing, and would lead to "rampant looting." Given all this, the 2010 open internet rules from the FCC included a special carveout for copyright content, arguing that the rules "do not apply" to copyright infringement.

We noted, earlier this year, how ridiculous it was that the MPAA was still on the wrong side of the net neutrality debate, seeing as how it would stifle a bunch of important new developments that have vastly improved things for filmmakers. But, it appears that the MPAA didn't get the message, at all. The only message it got was to be quieter about its opposition to net neutrality. In some of the leaked emails, it's noted that the MPAA's strategy on net neutrality is to be quiet and evasive about it:

On network neutrality: Most member companies supported, in principle, a narrow, low-profile MPAA filing focused on opposition to the regulation of content.

And, indeed, that's basically what happened. On September 15th, the MPAA filed a fairly short comment that mainly focused on making sure the new rules don't create some sort of compulsory licensing scheme for content (no actual rules under consideration would do that) and that they don't interfere with copyright law. Just a few weeks ago, it appears that the MPAA and a bunch of studio execs further met with the FCC to reiterate that there should be a copyright infringement loophole in any net neutrality rules:

the FCC should adopt its tentative conclusion to cary forward language in its previous network neutrality provisions making clear that the rules do not prevent content companies and ISPs from combating piracy...

That's all to be expected. But there's something much more nefarious going on, which came out in the leaked document [pdf] we discussed earlier about pretending that the DMCA requires DNS-level takedowns. We were a bit confused, initially, by TorrentFreak's recent mention of the MPAA exploring the use of the Communications Act, but the full leak of the document makes that much clearer.

It's not that the MPAA is looking to use the Communications Act against ISPs, but rather, the plan is to think about using the ISPs' own arguments against net neutrality as a wedge to force them into site blocking. To understand how this works, you have to go back nearly a decade to to the Supreme Court's ruling in the Brand X case (which, coincidentally, came out the same day as the Grokster ruling). This was the case in which the Supreme Court upheld the FCC's decision to say that cable internet providers could be classified under Title I as an "information service" rather than a "telecommunications service" (under Title II).

Obviously, that's the key fight that we're in today -- to see whether the FCC can go "reclassify" internet (for both cable and DSL) away from Title I and back to Title II. Here's why this matters in the copyright context: as we mentioned in our earlier post, "notice and takedown" provisions in the DMCA do not apply to "transitory digital network communications" under 512(a) of the DMCA. In plain language, this means that copyright holders can't send takedown notices or append liability to a network provider just because some infringing content traversed its network. That makes sense. Without that, networks would have to do deep packet inspection and try to spy on basically all traffic.

But... part of the reason why broadband companies won the Brand X case was by arguing that they're a lot more than just a network "telecommunications" service -- and that's because (they argued) they provide a lot more -- including DNS services. And, thus, the MPAA argues, under the Brand X ruling, broadband providers are effectively admitting that DNS services are not covered by the DMCA's 512(a) and thus may be covered by 512(d) ("information location tools") which are subject to notice and takedown rules. Here's the MPAA explanation:

ISPs successfully advocated before the FCC, and then at the U.S. Supreme Court..., that broadband service does not constitute a “telecommunications service” within the definition of 47 U.S.C. 153(53) because broadband ISPs offer functionalities such as email and DNS, which are not “telecommunications.”.....

Because ISPs offer an intertwined service package that includes both telecommunications and information services, the FCC held in Cable Modem Declaratory Ruling, and the Supreme Court affirmed in Brand X, that retail ISP service from a last-mile provider is not an “offering” of telecommunications to the public within the meaning of the “telecommunications service” definition, because the “offering” includes both telecommunications and information services blended into the same service.

From there, the MPAA notes that the definition of a "service provider" is very similar under both the Communications Act and the DMCA -- meaning that there's a "colorable" argument, that since broadband providers have convinced the FCC and the courts that they're not telecommunications services under the Communications Act it should also mean that they're not a "transitory digital network communications service provider" under the DMCA:

...both statutory definitions are essentially identical (and the legislative history shows an intent to make them identical), and, having successfully advocated for and obtained a holding from the FCC that they do not provide “telecommunications services” for purposes of the Communications Act, ISPs should not then be allowed to turn around and claim that they are “service providers” for purposes of the DMCA. One might further contend that any specific ISPs that litigated the Brand X case or its progeny should be estopped from taking a contrary position under the DMCA.

In short, because these ISPs got classified as information services rather than as telco services by the FCC (and the Supreme Court said that was okay), they can't then argue that they are telco services for the DMCA protections.

Given that, if the FCC were to reclassify broadband back under Title II, this leg of the MPAA's argument would essentially evaporate. Because it would confirm, absolutely, that broadband providers are telco service providers, and thus clearly protected by the DMCA under 512(a). Thus, for the whole "notice and takedown at the DNS level" plan to be most likely to succeed, the MPAA really needs broadband to remain classified under Title I, so that it can rely on the argument that DNS services are not part of being a telecommunications service, but rather should be classified as a "information location tool" subject to notice and takedown.

I recognize that this may be confusing to follow -- though I've tried to lay out the specifics from both copyright and telco law in a way that's clear. The short version of this is simply that a key part of the MPAA's "site blocking by DNS" plan, actually relies on the fact that broadband providers are not, currently, classified as telco services under Title II. If that changes, it takes away a big part of the MPAA's legal argument. Personally, I think the MPAA's argument, even if broadband is classified under Title I, is incredibly weak already, but having the FCC reclassify broadband providers back under Title II would make the MPAA's attempt to break the internet that much harder, even with the loophole language concerning copyright infringement.

And, of course, all this goes to show just how far former Senator, now MPAA boss, Chris Dodd has gone in selling his soul to Hollywood. Back when he was in Congress, he was a big supporter of net neutrality. Apparently, being principled doesn't pay as good.

from the how-very-nice-of-them dept

Yes, all the attention these days about the Sony hack is on the decision to not release The Interview, but it still seems like the big story to come out of the hack is the sneaky plans of the MPAA in its bizarre infatuation with attacking the internet. We've already covered the MPAA's questionably cozy relationship with state Attorneys General (to the point of both funding an investigation into Google and writing documents for those AGs to send in their names), as well as the continued focus on site blocking, despite an admission that the MPAA and the studios still don't have the slightest clue about the technology implications of site blocking.

For years, actual technology experts have explained why DNS blocking is a really bad idea, but the MPAA just can't let it go apparently. It's just, this time, it's looking for ways to do it by twisting existing laws, rather than by getting a new SOPA-like law passed.

To understand the plan, you have to first understand the DMCA section 512, which is known as the safe harbor section, but which includes a few different sections, with different rules applying to different types of services. 512(a) is about "transitory digital network communications" and basically grants very broad liability protection for a network provider who isn't storing anything -- but just providing the network. There are good reasons for this, obviously. Making a network provider liable for traffic going over the network would be a disaster for the internet on a variety of levels.

The MPAA lawyers appear to recognize this (though they make some arguments for getting around it, which we'll get to in a follow-up post), but they argue that a specific narrow attack via DMCA might be used to force ISPs to break the basic internet by disabling entries in their own DNS databases. The trick here is twisting a different part of the DMCA, 512(d), which is for "information location tools." Normally, this is what's used against search engines like Google or social media links like those found on Twitter. But the MPAA argues that since ISPs offer DNS service, that DNS service is also an "information location tool" and... ta da... that's how the MPAA can break DNS. The MPAA admits that there's an easy workaround for end-users -- using third-party DNS providers like OpenDNS or Google's DNS service -- but many users won't do that. And the MPAA would likely go after those guys as well.

At the same time, even this narrow limitation on ISPs’ immunity could have the salutary effect of requiring ISPs to respond to takedown notices by disabling DNS lookups of pirate sites through the ISPs’ own DNS servers, which is not currently a general practice. Importantly, the argument for such a requirement need not turn on the Communications Act, but can instead be based on the DMCA itself, which expressly limits ISPs’ immunity to each “separate and distinct” function that ISPs provide. See 17 U.S.C. § 512(n). A reasonable argument can be made that DNS functionality is an “information location tool” as contemplated by DMCA Section 512(d) and, therefore, that ISPs are required, as a condition of the safe harbor, to cease connecting users to known infringing material through their own DNS servers. Should this argument hold – and we believe that it has a reasonable prospect of success – copyright owners could effectively require ISPs to implement a modest (albeit easily circumvented) form of DNS-based site blocking on the basis of only a takedown notice rather than litigation.

In short, since DMCA takedown notices apply to "information location tools," but not to "transitory network communications," the MPAA would like to argue that just the DNS lookup functionality is an information location tool -- and can thus be censored with just a takedown notice. This is both really slimy (though brilliant in its nefariousness) and insanely dangerous for the internet and free speech. We see so many bogus DMCA takedowns of basic content today, and here the MPAA is looking to effectively, and sneakily expand that to whole sites by misrepresenting the law (badly).

DNS is not an "information location tool" in the sense of a search engine. It's the core underpinning of how much of the internet works. At no point in the 16 years the DMCA has been around has anyone made an argument that the DNS system was covered by the "information location tools" definition. Because that's clearly not what it was written to cover. The MPAA's lawyers (in this "confidential" memo) appear to recognize that this argument doesn't fully make sense because of that, but they seem to think it's worth a go:

To be sure, the argument is not guaranteed to succeed, as unlike a “pointer” or “hyperlink text,” DNS provides a user’s browser with specific information (IP routing information) that the user has requested by other means (alphanumeric internet addresses), as opposed to providing the user with an active interface allowing the user to request information online, as they might from a clickable page of search results. But at least in the literal sense, DNS appears to fit within the list of Section 512(d) functions and a reasonable argument can be made that DNS is more like a “directory” than the provision of “routing” and should be treated accordingly under the statute as a Section 512(d) function rather than a Section 512(a) function.

Pushing this argument would raise many of the problems found with the original DNS-breaking proposal in PIPA/SOPA. It would raise even more serious questions about the First Amendment and prior restraint. Effectively, it would be moving the definition of "information location tool" down the stack, such that rather than requiring the removal of access to the specific infringing content, it would require removal of access to an entire site based on a single accusation of infringement. Someone uploaded an infringing video to YouTube? Under this interpretation, the MPAA can force Verizon to make YouTube disappear from the internet for all users relying on Verizon's DNS. The censorship implications are massive here, especially with no court proceeding at all. This wouldn't require anything in court -- just a single takedown notice, of which copyright holders send millions. Rather than sending all those notices to Google and getting them delisted from search, copyright holders could turn the firehose towards Verizon, AT&T and Comcast, and basically take down half the internet on their say so alone. Yes, sites could counternotice, but ISPs would have 10 business days in which they can keep sites off their DNS entirely.

The results would be insane.

And that doesn't even touch on the technical havoc this would wreak. As we've noted earlier, the MPAA admits it's not clear on the technical implications of this plan, but let's just point back to Paul Vixie's discussion of how SOPA/PIPA would break the internet by mucking with the core DNS functionality, no matter how it was implemented.

What this goes back to is the core purpose of DNS, which is merely to translate a URL into a numeric equivalent to connect. It's not an information location tool for helping people "find" information -- it's just the basic plumbing of how the internet works. It's how basically all pieces of the internet expect to work. If you put in a URL here, then DNS returns the proper IP addresses to follow through there. Breaking that, effectively fracturing the internet, and creating a patchwork of different DNS systems would create a huge list of problems not easily fixed.

And, yet, because the MPAA can't figure out how to adapt to the times, it appears to be willing to give it a shot. Because, hey, it's better than innovating.

from the really,-guys? dept

While I still think the biggest story to come out of the Sony hacks is the fact that the MPAA had a plan to fund investigations of Google by public officials to get negotiating leverage over the company, a lot of other interesting tidbits have been revealed as well, including the fact that the MPAA still really, really believes in the idea of site blocking. It has listed it as a "high priority" item that was discussed in a recent anti-piracy strategy meeting bringing together the top lawyers from most of the major Hollywood studios:

As the TorrentFreak article above notes, the MPAA laid out a four prong approach to force site-blocking on the US. The Verge recently posted an MPAA email that described at least some of the strategy as well:

We have traditionally thought of site blocking in the US as a DMCA 512(j) issue. In some ways, that is too narrow and we plan to expand our scope of inquiry on two levels. First, DMCA 512(j), by its terms, necessarily creates an adversarial relationship with the target ISP (and more generally with the ISP community). We have been exploring theories under the All Writs Acts, which, unlike DMCA 512(j), would allow us to obtain court orders requiring site blocking without first having to sue and prove the target ISPs are liable for copyright infringement. This may open up avenues for cooperative arrangements with ISPs. Second, we start from the premise that site blocking is a means to an end (the end being effective measures by ISPs to prevent infringement through notorious pirate sites). There may be other equally effective measures ISPs can take, and that they might be more willing to take voluntarily. Our intention is to work with our own retained experts and Comcast (and MPAA’s Technology group) to identify and study these other possibilities, as well as US site blocking technical issues.

The MPAA is right that 512(j) is likely a dead end. In fact, a legal analysis done by the MPAA's lawyers at Jenner & Block (the MPAA's preferred legal hatchet men) details why. The "All Writs Act" approach is nutty, and would lead to significant push back from a variety of parties (we just recently noted that the DOJ has been trying to use the All Writs Act to get companies to help decrypt encrypted phones). There would undoubtedly be a big legal fight over any such attempt. Other plans, like using the ITC or the Communications Act would also run into problems.

In fact, The Verge also just published some internal legal analysis from Jenner & Block explaining why the ITC route is really risky and unlikely to work, whether targeting transit ISPs (Level3, Cogent, etc...) or access ISPs (Verizon, Comcast, AT&T, etc...). Amusingly, the "alternative" to SOPA that was pushed out by some anti-SOPA folks in Congress actually would have made the ITC route more feasible, but the MPAA was among its loudest critics. And yet now suddenly it's exploring the ITC path? Ha!

Either way, the most insane part of all of this is the fact that, nearly three years after SOPA, the MPAA more or less admits in an email that it hasn't really analyzed the technological impact of site blocking (which was a key component of SOPA) and feels like maybe it should get on it. From the email sent by MPAA General Counsel Steven Fabrizio:

Technical Analyses. Very little systematic work has been completed to understand the technical issues related to site blocking in the US and/or alternative measures IPSs might adopt. We will identify and retain a consulting technical expert to work with us to study these issues. In this context, we will explore which options might lead ISPs to cooperate with us.

Talk about putting the anti-piracy cart before the internet horse...

Meanwhile, the MPAA -- recognizing the shit storm created by SOPA -- has made sure that all of its site blocking efforts are to remain as quiet as possible (oops):

Be cautious about communications on site-blocking—continue building a record of success where possible, but avoid over-communicating and drawing negative attention.... Where site-blocking is actively under consideration, make available research (1) that site-blocking works and (2) that it does not break the Internet (lack of "side effects"). [Do this] in closed-door meetings with policymakers and stakeholders, [but] not necessarily publicized to a wider audience.

Yes, make sure people think site blocking "works" even though the MPAA doesn't have the requisite technical knowledge to understand it. So, in the interest of open source research, I'm going to help the MPAA out a bit and explain to them why site blocking is stupid and massively counterproductive. I mean, they could just look at what's happened in the past few weeks since The Pirate Bay went down, leading tons of other sites to pop up and (as reported in Variety -- normally a keen source of spinning in favor of the studios) the actual impact on infringement online was basically nil.

But, let's take this a step further. Let's say... for example, that the MPAA succeeded in having certain "evil" sites blocked. Thankfully, at about the same time as these meetings were going on, the MPAA also gave Congress a list of the sites it considered "notorious." Let's take one -- how about torrentz.eu -- and do a basic Google Search showing what results would come up if Goliath Google were forced not to link to the site (which is slightly different from site blocking, but the MPAA is also talking about similar efforts to get full domains "removed" from Google as an alternative to site blocking -- and the end results would be pretty much the same thing). Take a look:

If you can't see it, it's basically a bunch of links to pages listing out where you can go instead of that particular site. In short, site blocking is stupid. It won't actually cut down on any infringing activity, and it's easily gotten around, whether by VPNs or just by doing a rather basic search. Now, of course, the MPAA and its friends would likely still blame Google for this state of affairs, but I'm curious how the MPAA contends that Google should return results on such a site if it's been blocked or removed from search? How could it possibly also block out links to sites that list alternatives? Or is part of the plan to expand the censorship all the way down the pile so that any site that even mentions sites that the MPAA declares "notorious" also need to be blocked? Because if that's the case, they're going to run into a pretty massive First Amendment question before long.

The problem -- as always -- is that the MPAA still thinks that the public is stupid, and that if they can successfully "block" sites that people will stop looking for alternatives. The reality is that the way to get people to stop looking for unauthorized alternatives is to make better authorized alternatives -- but that's clearly still not a priority for the MPAA. And that's a real shame.

And none of this even touches on the problems with false positives (something that's already happened a bunch) or how site blocking might seriously screw up certain security setups, like DNSSEC (something the MPAA was clearly warned about during the SOPA fight, but which it still seems to deny is a real problem). In fact, during a recent secret "Site Blocking" meeting by the MPAA, it still appears to mock the idea that site blocking would break the internet by messing up DNSSEC. That's because the MPAA still doesn't seem to fundamentally understand the issues at play. If they actually talked to some real engineers at ISPs, maybe they'd learn that this whole infatuation is misguided and won't work.

In short, the MPAA sees site blocking as a priority because it doesn't understand the first thing about site blocking and why it would fail -- and that's speaking legally, technically and using just basic common sense. So why is the MPAA so focused on that, rather than actually innovating and adapting? This is what happens when you put a bunch of litigators, rather than innovators, in charge.

I don't care what the international community says. Everyone will witness the power of the Turkish Republic

Turkish ISPs followed the orders to block Twitter, but so far, it's not the power of the Turkish Republic we're seeing, but the power of people and technology to route around attempts at censorship. Many people quickly turned to VPNs or realized that they could still Tweet via text message... or that they could use alternative DNS providers. In fact, it's reached such a level that there's graffiti on the walls in Turkey pointing to Google's DNS which lets users route around the Twitter block:

Twitter is blocked in Turkey. On the streets of Istanbul, the action against censorship is graffiti DNS addresses. pic.twitter.com/XcsfN7lJvS

As we had noted earlier, while the Prime Minister has been pushing this, Turkey's (less powerful) President, Abdullah Gul has been fighting back against these censorship attempts, and even went so far as to get around the ban himself to tweet against the ban and his tweet quickly was retweeted thousands of times.

Twitter itself is apparently looking into legal action to restore the site fully, but so far it seems that basic technology and the will of the people is beating out the "legal" process. As Tufecki has now noted, Erdogan may have banned Twitter in Turkey, but "people in Turkey had banned the ban."

from the know-your-domain-right dept

When I first got into this business I frequently wondered why the domain-policy mailing lists I was getting involved in attracted a lot of activist types.

Over the years it became apparent to me very quickly, that in an emerging era of global communications and transparency (what Anthony Wile calls "The Internet Reformation") - that "the name" (the domain name) along with the ability to "locate it" (DNS) was a central, all-important "secret sauce" to the entire internet.

But it was only gradually that I became aware that it would take centre stage politically and and become the battleground between forces for liberty, free speech and emerging civil & business models on one hand and entrenched reactionary, authoritarian, cronyist kleptocrats on the other.

Hence those passionate activist types (some of whom I used to tirelessly argue with) were getting so worked up over the high-intensity Orwellianism that they could sense coming somewhere over the event-horizon.

While the co-opting of this marvellous internet into an all pervasive surveillance apparatus is a paramount issue, it is outside the scope of this article. Consider it one side of a dual-pronged approach of modern-era repression and totalitarianism.

The other side of that vice is the DNS and naming system of the internet which is the "choke point", where control can be exerted, censorship implemented and protection rackets flourish.

In a world where news travels over the internet before the traditional media is even aware of it, where non-sanctioned, unofficial sources can audaciously disseminate the truth without central planners massaging, spinning or heavily redacting it; the domain name, or the DNS that powers them is basically the dial tone of the entire global communications medium. Take out a domain or its DNS, you shut down it's voice, it's message or it's economic activity. You make it go away.

Without getting too detailed with the technical specifics (although I'll happily talk the ear off of anybody who asks me about it), the "inverted tree" structure of the DNS naming system distributes power in the following pattern:

The Root < -- ICANN

The Top Level Domains (com, net, org < ---- Verisign, Afilias, Public Interest Registry, Neulevel and soon all the new ones, Donuts, etc)

ICANN is conspicuously absent from curating the interests of global stakeholders within the overall naming scheme. Because of this, US law applies across most of the internet, and in the absence of a concerted effort to address global interests (no, not globalist interests, I mean "also considering interests from outside the USA") there will eventually be a root level net split and won't be pretty (yes, I'm fully aware how crazy that sounds now, I always sound crazy about 5-years in advance.)

At Level 2, the registry operators are themselves, pretty big and pretty bureaucratic - if a vested interest wants to compel them to do something they know they have to get a legal basis to do it, like a court order.

So the soft underbelly of coercive control starts at Level 3, which is rife with myriad third parties falling over each other to "serve" registrars, DNS providers, web hosts and ISPs with various facades of "legalese" designed to baffle unwitting abuse desks into submissive compliance with purely "made up" takedown rationalizations.

If you remember the Simpsons episode where Monty Burns is being committed to a mental institution against his will for becoming inordinately enthralled with the difference between "Ketchup" and "Catsup", he is informed by Chief Wiggum as he is being dragged up the steps to the asylum: "Relax…you've gone off your nut and you're being committed to a mental institution…. those grocery store clerks signed the commitment papers".

That's about the best description there is of today's "takedown request" racket that is overrunning the internet.

Quite literally "some guy", in England or "someplace" (often times in England tho), will email a registrar or a DNS host in some other country entirely and will tell them "Hi! I'm an 'internet investigator' here in some place in some official capacity, and the following domain names are operating in contravention to some laws here. So, uh, take the domains down. Ok?"

And more often than not, the recipient will simply AGREE and just do it.

If they do not comply right away the "official guy somewhere" will tell the recipient that if they do not comply then they are themselves in some sort of legal trouble (or in violation of some contractual obligation which some official guy somewhere is not even a party to) and there will be trouble.

Recipient usually agrees and shuts down the domain. Which, absent some obvious network abuse issue, I find mind-boggling. Some of the letters we get from private, non-governmental, self-appointed "regulatory" bodies with no legal or enforcement powers anywhere on earth contain claims and make leaps of logic which are on par with fantastic narratives spun in Nigerian 419 scams.

That some of the largest ISPs and registrars in the world actually take them seriously and shut down entire businesses on this basis is nothing short of criminally negligent.

But shut down they will. Somebody with a badge out of a box of Cracker Jacks can probably email your registrar right now and tell them to unplug your domain name from the internet and there's a good chance they'll do it.

People may tell me to calm down, because right now the most common targets seem to be "dodgy" websites (like "rogue" pharmacies), but as we've noted elsewhere, the script we laid out in First They Came For The File Sharing Domains is playing out nearly verbatim in the three years hence. And there was an extra-judicial attempt to take out Wikileaks for the crime of egregious truth telling.

Unless there is a court order in the jurisdiction of the Registrar who shuts you down - they CANNOT stop you from transferring your domain out to another Registrar.

That is your basic domain right (notice it's in the singular). It was just upheld by an NAF panel under an ICANN TDRP proceeding.
We're in the process of doing this again right now for another client who had their fully compliant Canadian business, doing business from and in Canada was shut down entirely when literally "some guy in England" emailed their US-based registrar and told them to shut down their domain - which they promptly did, no questions asked (watch our blog as this unfolds).

Hopefully before long Registrars are going to wake up and realize that Chief Wiggum can't compel them to take down, hijack and lock your domain name unless he has a court order from some place other than Springfield.

from the misinformation-works dept

We already walked through the ridiculousness of RIAA boss Cary Sherman claiming that the reason SOPA/PIPA were defeated was because of a "misinformation" campaign on the part of some tech companies. Tons of folks who have followed the RIAA for years probably broke out in open laughter when we saw this statement from Sherman:

Misinformation may be a dirty trick, but it works.

Because, if anyone knows that "misinformation works," it's Cary Sherman, who is famous for his ability to run vast misinformation campaigns to get bills passed. Thankfully, Ernest Falcon, over at Public Knowledge decided that if Sherman wanted to open the door to discussing "misinformation campaigns" concerning SOPA/PIPA, we might as well focus on the biggest one of all: the claims by the MPAA and RIAA that DNS blocking was no big deal:

During
the legislative hearing on SOPA, House Homeland Security Subcommittee Chairman on
Cybersecurity Rep. Dan Lungren (R-CA) questioned MPAA Exec. Vice President
Michael O’Leary about the cybersecurity problem. In response he received the standard
misinformation campaign line of there was no cybersecurity problem and that
this type of activity “occurred all the time.” To bolster their
misinformation campaign, the content lobby worked hard to manufacture
the “truth” by highlighting the work of the very small number
of individuals (a grand total of three) who wrote “technical rebuttals.” These were not so much rebuttals as they were
well
orchestrated advocacy pieces that ignored the engineering and distorted
the studies they utilized in order to dupe Members of Congress to
believe the legitimate concerns were in fact unsupported.

Part
of the RIAA and MPAA misinformation campaign centered on the argument that DNS
filtering and secure networks (DNSSEC) could both exist in the same
network. This was despite the fact that top experts in the field provided an extensive
explanation why that would not be technologically possible (a couple of these
individuals actually saved the Internet in the past).
In the end, when Comcast (a SOPA supporter) announced they had to shut
down anything that filters DNS traffic when they activated DNSSEC and the White House Cybersecurity Coordinator stated that the bills “pose a
real risk to cybersecurity,” the jig was up.

Lastly,
claiming that censorship concerns in regards to DNS filtering were misplaced
completely ignores the fact that SOPA and PIPA moved America closer to censorship
oriented regimes. If these bills were enacted into law, American
broadband providers would have been required to install the same filtering
technology used in China, Iran, United Arab Emirates, Armenia, Ethiopia, Saudi
Arabia, Yemen, Bahrain, Burma (Myanmar), Syria, Turkmenistan, Uzbekistan, and
Vietnam. This reality triggered the outpouring of opposition from the international human rights community who fight censorship overseas
every day and point to the United States as the model. Summing up the
well informed reasoning behind their opposition, Julian
Sanchez with the Cato Institute points out that enacting SOPA
and PIPA would mean the “only difference between﻿ the Unites States and China is what's on the blacklist.”

Part of the RIAA's favorite tactics is to pull out all the dirty tricks in the book... and any time people call them on it, to accuse the other side of using the dirty tricks that were really being used by the RIAA. It's a classic DC-insider move, but in this day and age, where the internet can route around lies, it's going to backfire, as it did here. All you have to do is look at the comments on the original Sherman NY Times piece, where upwards of 90% of the comments call Sherman out for his ridiculous claims. Sherman has the old playbook, the one where those who knew the truth couldn't speak back. If he had paid attention at all to what happened in the SOPA/PIPA debate he would have know that playbook doesn't work any more. But, it's all he knows. If the major labels were smart (don't laugh), they'd dump Sherman and put someone in place who actually gets the internet.

from the holding-fire dept

Some late breaking news here: following Lamar Smith's announcement that the new manager's amendment for SOPA will remove DNS blocking (to be added back at a later date after it's been "studied"), Rep. Issa has announced that he will now postpone the "nerd" hearing that he was holding in the House Oversight Committee, which was originally scheduled for Wednesday. The key reason? Majority Leader Eric Cantor has promised him that he will not bring the bill to the floor unless there's real consensus on the bill. That's big news -- though, as Issa notes in his statement, it's worrisome that Senator Reid still seems to want to move forward with PIPA:

"While I remain concerned about Senate action on the Protect IP Act, I am confident that flawed legislation will not be taken up by this House. Majority Leader Cantor has assured me that we will continue to work to address outstanding concerns and work to build consensus prior to any anti-piracy legislation coming before the House for a vote,” said Chairman Issa. “The voice of the Internet community has been heard. Much more education for Members of Congress about the workings of the Internet is essential if anti-piracy legislation is to be workable and achieve broad appeal.”

"Earlier tonight, Chairman Smith announced that he will remove the DNS blocking provision from his legislation. Although SOPA, despite the removal of this provision, is still a fundamentally flawed bill, I have decided that postponing the scheduled hearing on DNS blocking with technical experts is the best course of action at this time. Right now, the focus of protecting the Internet needs to be on the Senate where Majority Leader Reid has announced his intention to try to move similar legislation in less than two weeks."

Indeed. It is still important that Congress hears from "the nerds" and plenty of other experts concerning the implications of these attempts to regulate the internet, but if SOPA is not going to be rushed to the floor, such hearings and education can (and should) happen in due time, rather than rushing to get them in, just as Congress comes back into session. There are more important things for Congress to focus on.

from the but-of-course dept

Well this is hardly a surprise given the trial balloons floated on Wednesday and Senator Leahy's announcement yesterday, but Rep. Lamar Smith has now said that, like Leahy, he wants to delay the implementation of DNS blocking within SOPA until it's been "studied." According to a press release:

"After consultation with industry groups across the country, I feel we should remove Domain Name System blocking from the Stop Online Piracy Act so that the Committee can further examine the issues surrounding this provision. We will continue to look for ways to ensure that foreign websites cannot sell and distribute illegal content to U.S. consumers."

Once again... the devil is very much in the details. And, to be honest, Smith technically "removed DNS blocking" from SOPA already. It no longer requires DNS blocking, but merely "reasonable measures" to block access to sites. So, it's not even entirely clear what he means here. Does he mean he'll remove site blocking? Or is he really leaving the document alone since it doesn't have DNS? Either way, it seems clear that the real plan here is to try to delay the controversial part until it's been "studied" and then implement it later...

from the bad-reporting dept

We've already written about Senator Leahy's decision to delay the implementation of DNS blocking in PIPA. Unfortunately, despite the clear words in the announcement, it appears that Leahy's staff is going around suggesting to the press that this means he's dropping DNS. Thus you get reports in Wired and in ReadWriteWeb saying that Leahy is offering to remove the DNS blocking provisions. That's exactly what Leahy's staff would like people to believe, in the hopes that this makes the bill palatable. First, it wouldn't actually make the bill palatable, but it's important to read what Leahy actually said:

As I prepare a managers' amendment to be considered during the floor debate, I will therefore propose that the positive and negative effects of this provision be studied before implemented...

That is NOT removing the DNS blocking provisions. It is merely delaying them.

Furthermore, since the DNS blocking was such a key component of the bill and, at the very last minute, Leahy is suddenly claiming that we can all ignore that section for the time being, isn't that reason enough to stop and wait, rather than rushing this bill forward? Leahy is admitting that he did not and still does not understand a key provision in his bill. Do we really think that's the only provision he did not understand? Shouldn't this, alone, be evidence that this bill needs to be rethought entirely? This isn't a reason to move forward. It's the opposite. It's a reason to put this bill aside and spend some time actually understanding the issues at play.

from the let-the-geeks-be-geeks-please dept

There's been plenty of talk, obviously, about the problems with SOPA and PIPA and how they treat DNS as a tool for blocking, despite the massive problems it causes for security efforts like DNSSEC. Every single working engineer who's spoken out on this issue (that we've seen, at least), has made this same point. We've even heard from techies within the government saying the same thing. And, of course, even Comcast itself (despite supposedly being in favor of the bill) proudly admits that DNS blocking is incompatible with DNSSEC. Even as the House and Senate are trying to punt on DNS issue, they still fully expect to put it in place at a later date, so it's important to discuss why it's a bad, bad idea.

So far, the "pro-SOPA/PIPA" folks haven't been able to find a legitimate working technologist who says that these plans make sense. Instead, they've brought out some "policy analysts" who have some basic technology background, but not a deep understanding of DNS. But, because they can toss around some tech terms, SOPA/PIPA supporters think they sound credible. However, in his latest post on the subject, Vixie walks through a step-by-step explanation for why each suggested method of DNS blocking won't work and/or breaks DNSSEC. Basically, these "policy analysts" keep suggesting different ways that they think DNS blocking could work, and Vixie explains why they're wrong each time, and points out the importance of actually having DNS engineers do DNS engineering -- not policy analysts.

For example an early draft of this legislative package called for DNS redirection of malicious domain names in conflict with the end-to-end DNS Security system (DNSSEC). Any such redirection would be trivially detected as a man in the middle attack by secure clients and would thus be indistinguishable from the kind of malevolent attacks that DNSSEC is designed to prevent. After the impossibility of redirection was shown supporters of PIPA and SOPA admitted that a redirection (for example, showing an "FBI Warning" page when an American consumer tried to access a web site dedicated to piracy or infringement) was not actually necessary. Their next idea was no better: to return a false No Such Domain (NXDOMAIN) signal. When the DNS technical community pointed out that NXDOMAIN had the same end-to-end security as a normal DNS answer and that false NXDOMAIN would be detected and rejected by secure clients the supporters SOPA and PIPA changed their proposal once again.

The second to latest idea for some technologically noninvasive way to respond to a DNS lookup request for a pirate or infringing domain name was "just don't answer". That is, simulate network loss and let the question "time out". When the DNS technical community explained that this would lead to long and mysterious delays in web browser behavior as well as an increased traffic load on ISP name servers due to the built in "retry logic" of all DNS clients in all consumer facing devices, we were ignored. However when we also observed that a DNSSEC client would treat this kind of "time out" as evidence of damage by the local hotel or coffee shop wireless gateway and could reasonably respond by trying alternative servers or proxies or even VPN paths in order to get a secure answer, the supporters of SOPA and PIPA agreed with this and moved right along.

The latest idea is to use the Administrative Denial (REFUSED) response code, which as originally defined seemed perfect for this situation. To me this latest proposal as well as the road we've travelled getting to this point seems like an excellent example of why network protocols should be designed by engineers....

And yet... it's not being designed by DNS engineers at all. It's being designed by policy people, with a smattering of help from some former technologists who don't really understand DNS. That seems like a pretty big problem.